New Features in v5.0+
- New user interface: We redesigned the interface for a better user experience. The new look is modern and fresh, with dark and light modes.
- New Main Dashboard: A new main dashboard shows the most critical information at a glance. It gives you a complete view of the situation on your monitored infrastructure.
- OpenSearch and OpenDashboards: We migrated from Elasticsearch and Kibana to the open-source and more powerful alternatives OpenSearch and OpenDashboards.
- Upgrade Wazuh to version 4.3
How to install the new version?
There is a new acsia_prepare.sh script that MUST be used instead of the old one.
How to upgrade from version 4.x?
First, log in as the acsia user. Then create the file pre_update_v5.sh on the ACSIA server and make sure the script is executable, using the commands:
sudo su - acsia
chmod +x pre_update_v5.sh
To complete the upgrade from version 4.x, the user acsia MUST now execute the command:
Important Bug Fixes
- Fix whitelist subnet throwing an exception in edge cases.
- Fix issue with reset password of the initial default user.
- When an Access Location "Waiting for approval" rule is deleted, notifications related to the user and the related IP cause inconsistent behaviour, so executing an action on the notification would generate an exception.
- Fix issue with the agent installation script on Windows 10 with specific network configuration.
- Fix General Network Traffic Dashboard not working correctly.
- Fix the issue with the notification table not being updated when a notification is closed.
- Fix issue with retrieving Windows administrator user in French.
- Improved database query performance (ephemeral agent commands) and prevented timeouts.
The agent installation script launches a new PowerShell instance which tests whether information about host networks can be collected. If not, network details are not collected. This prevents the installation script from getting stuck. The user may ask about it.
Replaced public IP service with 4securitas’ https://wimi.xdrplus.com/ip
- New user interface
- Insights Dashboard
- Main dashboard #1137
- Migration to OpenSearch and OpenDashboards #1159 #1163 #1165 #1180
- Upgrade Wazuh to version 4.3 #1182
- Rebranding #1180
- Add host last seen in host list #1255 #1316
- Add host agent version in host list #1255 #1316
It may be necessary to refresh the page in order to see the new columns in the host list table.
- New Settings styling (Accordion)
- Improve database queries performance (ephemeral agent commands) and prevent timeouts.
- Enhanced SQL Injection detector #1299
- Enhanced port scan detection and visualisation #1239 #1264
- Enhanced brute force attacks detection #1232
- Enhanced access failures analysis #1237
- Enhanced SQL injection detection #1261
- Agent: Enhanced ACSIA agent message handling #1035
- Database: Enhanced performance #1212
- ACSIA update script: Rollback on CTRL+C #1214
- Windows: Enhanced system logs manipulation detection #1257
- Kernel module: Enhanced rules update #1210
- Enhanced agent error notification: handle already banned/unbanned messages #1304
- Fix General Network Traffic Dashboard not working correctly #1165
- Remove change IP detection for agentless mode #1161
- Fix change default user password breaks acsia stack restart script #1170
- Fix issue with retrieving Windows administrator user in French #1184
- Fix add whitelist subnet throwing an exception in edge cases. #1185
- Fix waiting for approval access location inconsistent behaviour #1140
- Fix issue with the agent installation script on Windows 10 with specific network configuration. #1195
- Fix issue with the notification table not being updated when a notification is closed nimbus/acsia-new-ui-ux#168
- Fix IocRepo throwing exceptions when there are no results 127cb08c
- Fix broken Falco custom rules #1201
- Fix Wazuh syscheck false positive #1198
- Fix long web request params can't be stored in DB #1299
- Fix missing IP discovery on Windows, in case of host network issues #1205
- Fix false positives from internal components #1209
- Fix Policies IP filter not working after several IP filtering actions #1207
- Fix OpenSearch doesn’t start automatically on host reboot #1196
- Fix changing settings failing when disabling SMTP #1231
- Fix ACM API periodically not reachable #1216
- Fix SSL certificates deployment missing script command #1234